Date: Wed, 6 Apr 2022 03:04:17 GMT From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: b2b23824272d - releng/13.0 - net80211: validate Mesh ID length in ieee80211_parse_beacon Message-ID: <202204060304.23634H1v034813@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch releng/13.0 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=b2b23824272dbfbdc99a51237bdeea0216184b81 commit b2b23824272dbfbdc99a51237bdeea0216184b81 Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2022-04-05 23:27:00 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-04-05 23:27:01 +0000 net80211: validate Mesh ID length in ieee80211_parse_beacon Reported by: m00nbsd working with Trend Micro Zero Day Initiative (cherry picked from commit fb8c87b4f3bfdfac014f9d894fe75fbad0391b24) (cherry picked from commit 72617f9246e3a4be28eeafeae1bdd983143eef3e) Approved by: so Security: CVE-2022-23088 Security: FreeBSD-SA-22:07.wifi_meshid --- sys/net80211/ieee80211_input.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c index 66a5ba1c4035..2601b4cb9e63 100644 --- a/sys/net80211/ieee80211_input.c +++ b/sys/net80211/ieee80211_input.c @@ -742,6 +742,12 @@ ieee80211_parse_beacon(struct ieee80211_node *ni, struct mbuf *m, IEEE80211_VERIFY_LENGTH(scan->csa[1], 3 * sizeof(uint8_t), scan->status |= IEEE80211_BPARSE_CSA_INVALID); } +#ifdef IEEE80211_SUPPORT_MESH + if (scan->meshid != NULL) { + IEEE80211_VERIFY_ELEMENT(scan->meshid, IEEE80211_MESHID_LEN, + scan->status |= IEEE80211_BPARSE_RATES_INVALID); + } +#endif /* * Process HT ie's. This is complicated by our * accepting both the standard ie's and the pre-draft
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202204060304.23634H1v034813>